Are you expecting the delivery of packages in the build-up to Christmas? If so, beware - there are more scams than bargains out there.
For instance, have you received a text message or email that appears to be from a delivery service? This message indicates that the carrier has attempted to deliver a package to you or is waiting for delivery instructions, and is asking you to pay shipping or postage fees?
Beware, this is an attempted package delivery scam.
Be aware that genuine delivery companies will never ask you by SMS or email for any payment to receive a package. If you have any doubts, do not hesitate to contact the delivery company directly, advises the French government’s cyber malveillance website.
Christmas is busy period for cybercriminals
Busy periods for online commerce, such as Black Friday or the lead-up to Christmas, are magnets for cybercriminals. Taking advantage of the fact that many people are waiting for or sending packages, they often pretend to be well-known delivery companies to trick victims.
The festive season is a very lucrative time for e-commerce activities, accounting for 25% of all scams committed during the year, according to Les Echos Business publication. Hackers use the full extent of the arsenal at their disposal to slip into the flow of booming traffic.
They come in the form of phishing email campaigns, ransomware attacks, banking Trojans and even fraudulent websites promoting special offers.
This year, the level of cyberattacks during December is expected to be at an all-time high and businesses are being urged to be more vigilant.
The criminals’ main goal is to steal personal and credit card information for fraudulent use but this is not all.
Cybermalveillance.gouv.fr observes parcel delivery scams throughout the year and the cyber ‘phishers’ often also have other objectives: virus distribution, account hacking, fake technical support scam, disguised subscription.
Since the summer of 2022, a new and particularly aggressive parcel delivery SMS scam campaign was observed. It causes the victim to download a virus on their phone, which takes control of it to steal their passwords and send mass SMS scams, or, depending on the case, to take control of their Apple account.
People receive SMS messages announcing the delivery of a package, and this SMS contains a link which, once clicked, displays an alert message.
On an Android phone, the alert message prompts the user to install a supposed Chrome browser update that is in fact a virus. Once installed, this virus is able to create havoc.
On an iPhone the message claims that, for security reasons, it is necessary to re-enter the owner’s Apple account ID and password on a fraudulent web page. This allows them to hack the Apple account.
These are typical fraudulent SMS messages.
Photo credit: Screenshot / Cybermalveillance.gouv
Instructions (in French) on what to do if you inadvertently get phished are here.